What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I haven't noticed any shutdown speed difference, but I am running Windows 8.1.1 on all of my machines. Was this a Win7 issue? Also, the remoting in aspect is likely fixed under Firewall Rules. Norton has a pretty aggressive firewall, and you will likely need to disable. Do you use IPv6 via IPSEC from work? Norton by default blocks any 'Tunneling' with it's FW as a security precaution, but a single checkmark will fix that. Norton also blocks IPv6 depending on how it is used, because IPv6 can be a security risk, especially if it is using Teredo. That also can be disabled under FW rules.

    My only issue with Norton 2015 so far is that Download Insight doesn't play well with Opera. I consider Insight to be one of the more powerful aspects of Norton, and having it not play right with Opera means I need to abandon Opera. Not a big deal, I don't really like the direction Opera has been going. So far that's been the only thing I noted, and I find it very light, and using only minuscule resources.
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    @Mayahana
    I use Windows 8.1 with all updates installed on SSD. Without NS system shuts down in 2-3 seconds with NS it takes around 1 minute. It is reported on their forum also: https://community.norton.com/forums/long-shut-down-and-restart-computer

    With remoting I have had two problems:
    1. NS firewall blocked RDC after first successful connection and no further connections were possible. It was reported in history section and it was the last activity logged because
    2. after I logged in locally I found out that NS service (and antivirus) were shut down. There were no NS.exe running and after starting AV manually I found out that there were no events logged, no history and no activity monitored during that time. I can assume that AV was shut down, but driver was still loaded (it blocked all my RDC attempts).
    This last problem made me go back to ESET.
     
  3. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I don't use RDC, I tend to use IPSEC VPN tunnel through Forticlient when I need to do this. So I haven't run into this issue.

    Shutdown seems normal. Do you use Win8X Hybrid Shutdown or have you changed it to full shutdown? I haven't experienced this at all, and generally have 5-10 second shutdowns with Norton 2015 on all 10 machines here. I see in the thread some are reporting FIVE MINUTE shutdowns.. I wonder if a setting could be causing this? Some thoughts on this;

    1) Do you have a lot of USB devices/drives/hardware connected?
    2) Do you have BootScan set to Aggressive in Norton? (on the off chance this may impact shutdown as well?)

    Also, I have my Norton 2015 tweaked up.. Almost all of the 'extras' disabled.. Backup, Optimization, System Cleanup, Notifications, and a bunch of other stuff disabled. Only using SPAM (Outlook Integreation, Firewall, AV) components. I wonder if something else is causing it, like an optimization or cleanup?
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I use full shutdown and not hybrid one. I have only printer (shut down), keyboard and mouse connected to USB ports. I didn't change Bootscan setting. I only disabled some tasks (optimization...) and didn't change other default settings. I don't have it installed any more so I can't check specific settings.

    I guess I will wait for month or two and try it then again.
     
  5. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I use hybrid. That could be part of it. Also I have heavily tweaked all of the systems at home, including reduction of shutdown, application kill timers, etc.
     
  6. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Sandboxie and some other stuff... for almost 4 years now.
     
  7. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    679
    Avast Internet Security 2015

    Hardened mode set to aggressive
    PUP scan on
    Firewall set to public and Ask.
     
  8. ThreeCubed

    ThreeCubed Registered Member

    Joined:
    Mar 6, 2014
    Posts:
    10
    Location:
    Gandolfo
    So good to see the "PCDoctor" back on the forums again... ((Give us a wink... ))
     
  9. Austerity

    Austerity Registered Member

    Joined:
    Jun 21, 2013
    Posts:
    372
    Location:
    Georgia / USA
    Work laptop (Lenovo T420) - Yandex DNS, ublock & AppGuard
     
  10. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening! Just installed and updated Avast A/V Pro from 2014 to 2015...in Tandem with WSA Security Plus and AppGuard. Be interesting to see the Detection Results of the new App. Runs light and Calorie Free...Lol! Sincerely...Securon
     
  11. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    679
    Hi Securon. Enable aggressive hardened mode and global pup scan under general settings. I would like to see these settings as default.
     
  12. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening! Just changed Hardened mode from moderate to aggressive and already enabled pup scan. Thanks for the Heads Up... Charyb... Sincerely...Securon
     
  13. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    You surely mean DoctorPC ;)
     
  14. Desktop setup (Windows 7 Ultimate 32 bits)
    - Recovery: Weekly Windows Image and Syncback Free data backup to NAS and USB-disk
    - Mitigation: Open DNS, Windows Firewall (also outbound), disabled risk-ware/user autoruns
    - Whitelist: UAC (block unsigned), AppLocker (allow trusted), Secure Folders (no-execute)
    - Blacklist: Browser's build in malware, Linkscanner (scripts) and easylist adblock filters
    - Host: Chromium running GPO locked and UAC virtualized without flash or PDF plugins
    - Guest: Gupzilla with flash in XP-mode (PosReady) running as basic user & SRP deny
     
    Last edited by a moderator: Oct 27, 2014
  15. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,175
    Back to ZAESS
     
  16. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I went live with a USG210 on my home network. Within a couple of hours it reminded me why it's insane to not run a UTM appliance, even in the home.

    New setup is USG210 at the front door, locked down, full IDS/AV/URL inspection w/hourly updated signatures. ASUS RT-AC87 has been moved into AP mode, and is functioning as an AP within the home for roughly 5,000sq feet of coverage. Nothing else has changed.

    (Eicar was me testing it, everything else is in the normal course of the operation of 25-50 clients, PC, mobile or otherwise)
     

    Attached Files:

  17. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    It's back to 360 Internet Security for me. I've tried over 20 different antiviruses in the last month, and in my opinion 360 IS is better than the others. I have the protection level set to low and proactive defense turned off, and it is exceptionally light. Having proactive defense enabled probably does not make much difference in performance. I just have disabled it because I find it annoying.

    Aside from that, you can configure it to prompt for what action to take when a threat is found, instead of automatically quarantining it. I don't know why all antiviruses don't have this option. Also, when a threat is found, you have the option to add it to 360's whitelist so it is not detected anymore unless it is modified. Another excellent feature, and one that would be good if more antiviruses had. For example I installed Avast this morning, and while in the few minutes I had it installed, it was light, it annoyed me that there was no option to ignore a threat when it detected one, and becuase of this I uninstalled it.

    My main complaints about other antiviruses is that they slow down my computer (most antiviruses do), and they automatically quarantine threats.

    Edit: Another thing which really stands out as well, is the really fast quick scans. It took 4 minutes for my first quick scan, on my system which has a reasonable anount of software installed (on a faster system and one with less software installated I would say it should be even faster), and I just did a another quick scan and it took just 1 minute 46 seconds.

    What's nice too, is that when a scan has completed, there is an Unsatisfied button which takes you to a feedback screen to report any remaining issues, if you think 360 has not found an infection.
     
    Last edited: Oct 25, 2014
  18. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,254
    Location:
    Texas
    Amen! Agree!
     
  19. Yep Loman brother have a real gem. Bought a home solution which is 1/10 in price compared to your SMB solution (for 1/4 of your clients). Real life download speed ranges from 89-90MB/s (2 clients) until 32-33 MB/s (5 clients simulataneously) with 17 networks disturbing my througput in the neighbourhood. Disturbtion is so heavy, I measure higher througput on 2.4 Ghz as 5 Ghz network. So our guest get the 5Ghz WL-network access. My setup only setme back €75 for new WL-router. So I can pay Loman brother for next 35 years before it is as expensive as an SMB solution.
     
    Last edited by a moderator: Oct 25, 2014
  20. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    32-33MB/s for 5 clients isn't nearly enough. I only have a 56Mbps connection, but often have 20-50 clients in the home. Granted many of those are inactive or more passive connections (Cell phones, DVR's etc). When push comes to shove, I need to push some serious juice through the device. Which leaves me with only 2 choices - an Enterprise Level UTM, or ASUS RT-AC87... The ASUS is great, and handles most threats. But it still isn't a real enterprise solution with complex, and constantly updating IPS and AV signatures, and deep packet inspection.

    Sitecom's aren't available in the US, and I am unsure why no major vendors other than ASUS are taking an interest in consume grade UTM's.. It's the wave of the future for consumers - stop the threats at the network!
     
  21. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    My setup doesn't change much. I use Windows 8.1 x64 Pro with all updates installed.

    My security software (in order of importance):

    Backup:
    Macrium Reflect Standard for daily incremental backups
    External HDD to backup system images and other personal data

    Network:
    Router with NAT firewall
    Windows built-in firewall (inbound monitoring only)

    Whitelisting:
    Software Restriction Policies
    User Account Control
    on maximum

    Blacklisting:
    real time: ESET Nod32 AV
    on demand: HitmanPro, Malwarebytes AM, Emsisoft AM, Avira PC Cleaner, VT Uploader

    Browser:
    Google Chrome x64 and uBlock
     
  22. guest

    guest Guest

    Started to play around with Windows Firewall outbound rules. Was trying to lock the local IP.
     
  23. Okay, now I think it is a pitty my router started to become unstable about two months ago (and had to replace it). According to announcements the RT-AC56U will have Trend Deep Security also. The RT-AC56U sells around 15 Euro's more than my Sitecome Router with same bandwidth features. So it is not the same as the HMP UTM solution, but it is really a good deal (pay a 15 euro bonus once for product lifte time extra security layer on router).
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    After getting Crypto Locked and escaping via Win 8 REFRESH finally, I more then ever really miss the classical Power HIPS back when Malware Defender, EQS and those were all the rage. You could custom configure rulesets for every attack vector known to windows to suspend transit of potential danger intrusions etc. What I wouldn't give if they had at least left us a 64bit version behind when abandoned.

    Only recourse now is to run Shadow Defender every boot in a virtual environment as well as daily backups. UGH!!!
     
  25. @EASTER
    You could use the free Secure Folders to filter access to your data (user folders also have a no-execute ACL), For anti-executable you could use a free AE (Voodoo Shield or SecureA+) instead of AppLocker, see pic (I have OS on SSD and a 1 TB HD split in two partitions D and M, with an old small laptop HD for quick backups of my data and OS image).

    Untitled.png
     
    Last edited by a moderator: Oct 28, 2014
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.